Add security/passivedns:

A tool to collect DNS records passively to aid Incident handling, Network
Security Monitoring (NSM) and general digital forensics.

PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs
the DNS-server answers to a log file. PassiveDNS can cache/aggregate duplicate
DNS answers in-memory, limiting the amount of data in the logfile without
losing the essense in the DNS answer.

WWW: https://github.com/gamelinux/passivedns

PR:		198499
Submitted by:	shadowbq@gmail.com

security/Makefile

@@ -666,6 +666,7 @@
     SUBDIR += pamtester
     SUBDIR += paperkey
     SUBDIR += parano
+    SUBDIR += passivedns
     SUBDIR += pbc
     SUBDIR += pbnj
     SUBDIR += pcsc-tools

security/passivedns/Makefile

@@ -0,0 +1,40 @@
+# $FreeBSD$
+
+PORTNAME=	passivedns
+DISTVERSION=	${GH_TAG}
+CATEGORIES=	security
+DISTFILES=	gamelinux-passivedns-1.1.3-60-ga6c7e26.tar.gz
+
+MAINTAINER=	shadowbq@gmail.com
+COMMENT=	Network sniffer that logs DNS replies for use in passive DNS setups
+
+LICENSE=	GPLv2
+
+LIB_DEPENDS=	libldns.so:${PORTSDIR}/dns/ldns
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	gamelinux
+GH_PROJECT=	passivedns
+GH_TAG=		a6c7e26
+
+WRKSRC=		${WRKDIR}/gamelinux-${PORTNAME}-${GH_TAG}
+
+SUB_FILES=	pkg-message
+
+USES=		autoreconf gmake libtool
+AUTOMAKE_ARGS=	--add-missing
+
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS=	--with-ldns-libraries=${PREFIX}/lib
+CONFIGURE_ARGS+=--with-ldns-includes=${PREFIX}/include
+
+USE_RC_SUBR=	passivedns
+
+.include <bsd.port.options.mk>
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/src/passivedns \
+		${STAGEDIR}${PREFIX}/bin
+	${MKDIR} ${STAGEDIR}/var/log/passivedns
+
+.include <bsd.port.mk>

security/passivedns/distinfo

@@ -0,0 +1,2 @@
+SHA256 (gamelinux-passivedns-1.1.3-60-ga6c7e26.tar.gz) = 6196cb863c8fcd352e4c3019053530c7ac75656a5c43d11be6774eb9115be5c7
+SIZE (gamelinux-passivedns-1.1.3-60-ga6c7e26.tar.gz) = 51318

security/passivedns/files/passivedns.in

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: passivedns
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable passivedns:
+# passivedns_enable (bool):	Set to YES to enable passivedns
+# 				Default: NO
+# passivedns_interface (str):	
+#				Default: none - MUST BE SET
+# passivedns_logdir (str):   	Logging Directory
+#               Default: "/var/log/passivedns"
+# passivedns_fields (str):   	Passive DNS Fields to log
+#               Default: "SMcsCQTAtn"
+# passivedns_flags (str):		Extra flags passed to passivedns (-D is always passed)
+#				Default: none
+
+. /etc/rc.subr
+
+name="passivedns"
+rcvar=passivedns_enable
+
+command="%%PREFIX%%/bin/passivedns"
+
+start_precmd=start_precmd
+
+start_precmd()
+{
+	if [ -z "${passivedns_interface}" ]; then
+		err 1 "passivedns_interface must set."
+	fi
+}
+
+# set some defaults
+load_rc_config $name
+
+: ${passivedns_enable="NO"}
+: ${passivedns_logdir="/var/log/passivedns"}
+: ${passivedns_fields="SMcsCQTAtn"}
+: ${passivedns_flags=""}
+
+command_args="-i ${passivedns_interface} -l ${passivedns_logdir}/passivedns.log -f ${passivedns_fields} ${passivedns_flags} -D"
+
+run_rc_command "$1"
+

security/passivedns/files/pkg-message.in

@@ -0,0 +1,3 @@
+A startup script 'passivedns' was installed in %%PREFIX%%/etc/rc.d/.
+
+Type "passivedns -h" on the commandline for usage instructions.

security/passivedns/pkg-descr

@@ -0,0 +1,11 @@
+A tool to collect DNS records passively to aid Incident handling, Network
+Security Monitoring (NSM) and general digital forensics.
+
+PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs
+the DNS-server answers to a log file. PassiveDNS can cache/aggregate duplicate
+DNS answers in-memory, limiting the amount of data in the logfile without
+losing the essense in the DNS answer.
+
+(c)2011-2012  -  Edward Bjarte Fjellskal
+
+WWW: https://github.com/gamelinux/passivedns

security/passivedns/pkg-plist

@@ -0,0 +1,2 @@
+bin/passivedns
+@dir(root,wheel,750) /var/log/passivedns